Data storage wiping process run 'in good faith'.

Railcorp told SC Magazine it would review "guidelines regarding lost property prior to the next auction".

"With digital devices RailCorp undertakes a process in good faith where we look to erase any stored information before it is included in our lost property auction," a spokesperson said.

"If staff do find something that has contact information they make every effort to return it."

It did not say how sensitive documents on hundreds of USBs sold at the auctions could be identified or removed, nor if it had previously considered the implications of selling lost personal storage devices.

The documents including tax returns and resumes were uncovered after Sophos chief technology officer Paul Ducklin ran a simple script to examine files left on 57 USB sticks he bought at the previous September RailCorp auction.

RailCorp advised customers to encrypt storage devices and attach a name and contact number to items carried on trains to assist in the return of lost items.

"We also remind customers of the importance of looking after their digital device and to consider best practice surrounding security and encryption."

RailCorp holds lost property for a minimum of 28 working days for owners to claim.

All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.Your use of this website
constitutes acceptance of nextmedia's Privacy Policy and
Terms & Conditions.